System apps (like explorer) pop up every time I press a letter!

Post by IHateMalware616 » April 20th, 2009, 7:27 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:54 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\imapi.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\Program Files\ProcessExplorer\procexp.exe
D:\AVasquez\My PROGRAM FILES\HiJackThis.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\Firewall\cfpupdat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-1b3f5e27851a876f.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9833 bytes
IHateMalware616
Active Member
 
Posts: 9
Joined: April 20th, 2009, 7:11 am

Re: System apps (like explorer) pop up every time I press a letter!

Post by Shaba » April 24th, 2009, 3:59 am

Hi IHateMalware616

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

[Image]

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: System apps (like explorer) pop up every time I press a letter!

Post by IHateMalware616 » April 25th, 2009, 8:28 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9 Lite
Adobe Shockwave Player 11
Advanced System Optimizer
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
avast! Antivirus
Bonjour
CCleaner (remove only)
Chikka Messenger V4
Choice Guard
C-Media 3D Audio
COMODO Firewall Pro
Critical Update for Windows Media Player 11 (KB959772)
EAX Unified
Eraser
Free CD Music Converter 10
Free Download Manager 3.0
GhostSurf 2005
GIMP 2.6.3
GOM Player
GPSoftware Directory Opus
Guild Wars
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 12
Junk Mail filter update
KCeasy 0.19-rc1
Launchy 2.1.2
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mp3tag v2.43
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA nForce Drivers
PC Connectivity Solution
Picasa 3
Python 2.5.2
QuickTime
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Recuva (remove only)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Spybot - Search & Destroy
Tcl 8.0.5 for Windows
TeraCopy 2.0 beta 4a
Toddler Keys
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
IHateMalware616
Active Member
 
Posts: 9
Joined: April 20th, 2009, 7:11 am

Re: System apps (like explorer) pop up every time I press a letter!

Post by Shaba » April 26th, 2009, 3:04 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: System apps (like explorer) pop up every time I press a letter!

Post by IHateMalware616 » April 26th, 2009, 11:43 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:57 AM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toddler Keys\Toddler Keys.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\AVasquez\My PROGRAM FILES\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-1b3f5e27851a876f.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9718 bytes
IHateMalware616
Active Member
 
Posts: 9
Joined: April 20th, 2009, 7:11 am

Re: System apps (like explorer) pop up every time I press a letter!

Post by Shaba » April 27th, 2009, 12:05 am

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: System apps (like explorer) pop up every time I press a letter!

Post by IHateMalware616 » April 27th, 2009, 8:41 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by AMincher at 2009-04-27 20:29:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (7%) free of 19 GB
Total RAM: 1279 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:30 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toddler Keys\Toddler Keys.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\KCeasy\KCeasy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\KCeasy\giFT\giFTl.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Downloads\RSIT.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\AVasquez\My PROGRAM FILES\AMincher.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-1b3f5e27851a876f.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1214440339-725345543-1003.job
C:\WINDOWS\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93935F7F-9C88-42F8-8445-95251D27FABC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2003-01-01 1851128]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Systweak Memory Optimizer"=c:\program files\advanced system optimizer\memtuneup.exe [2007-06-22 119024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
C:\Program Files\COMODO\Firewall\cfp.exe [2003-01-01 1851128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurfDelSatellite]
C:\Program Files\GhostSurf 2005\DeleteSatellite.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2008-08-05 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMincher.ERICA_CARTMAN^Start Menu^Programs^Startup^GhostSurf main window.lnk]
C:\PROGRA~1\GHOSTS~1\GHOSTS~1.EXE [2004-07-11 73845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMincher.ERICA_CARTMAN^Start Menu^Programs^Startup^Scheduler.lnk]
C:\PROGRA~1\GHOSTS~1\SCHEDU~1.EXE [2004-03-09 86133]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"sp_rssrv"=2
"UPS"=3
"iPod Service"=3
"gusvc"=3
"Dnscache"=2
"avast! Mail Scanner"=3
"Apple Mobile Device"=2

C:\Documents and Settings\AMincher.ERICA_CARTMAN\Start Menu\Programs\Startup
GhostSurf proxy.lnk - C:\Program Files\GhostSurf 2005\Proxy.exe
Scheduler.lnk - C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2004-09-29 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2008-10-27 693744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\GhostSurf 2005\Proxy.exe"="C:\Program Files\GhostSurf 2005\Proxy.exe:*:Enabled:GhostSurf proxy"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"D:\DownLoaded\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe"="D:\DownLoaded\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\KCeasy\giFT\giFTl.exe"="C:\Program Files\KCeasy\giFT\giFTl.exe:*:Enabled:giFT Loader for KCeasy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2eb638-b164-11dd-90a1-000d87992fd1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe tracker.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f3e93b-1cf7-11d7-90b0-000d87992fd1}]
shell\AutoRun\command - H:\
shell\explore\command - H:\RECYCLER\INFO.exe
shell\open\command - H:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd927ecc-0341-11de-9138-000d87992fd1}]
shell\AutoRun\command - qxty9be.cmd
shell\open\command - qxty9be.cmd


======List of files/folders created in the last 1 months======

2009-04-27 20:29:46 ----DC---- C:\rsit
2009-04-27 19:14:16 ----D---- C:\Program Files\mIRC
2009-04-27 19:14:16 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\mIRC
2009-04-24 11:35:32 ----D---- C:\WINDOWS\Free CD Music Converter
2009-04-24 11:35:32 ----D---- C:\Program Files\Free CD Music Converter
2009-04-24 11:21:40 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\AccurateRip
2009-04-24 11:21:33 ----D---- C:\Program Files\Exact Audio Copy
2009-04-24 07:00:43 ----D---- C:\Program Files\KCeasy
2009-04-22 10:22:04 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\NCH Software
2009-04-17 02:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 02:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 02:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 02:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 02:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 02:03:26 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 02:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 04:37:03 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 15:47:36 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-04-15 11:48:12 ----D---- C:\Program Files\Toddler Keys
2009-04-14 21:04:38 ----D---- C:\Program Files\Eraser
2009-04-12 20:35:30 ----D---- C:\Program Files\Horizon5
2009-04-12 19:14:11 ----D---- C:\Program Files\Recuva
2009-04-08 10:47:54 ----D---- C:\Program Files\NCH Software
2009-04-08 10:47:45 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\NCH Swift Sound
2009-04-08 07:07:06 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-08 06:27:59 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Free Download Manager
2009-04-08 06:27:54 ----D---- C:\Program Files\Free Download Manager
2009-04-08 05:53:50 ----D---- C:\Program Files\CCleaner
2009-04-08 01:36:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2009-04-08 01:31:54 ----D---- C:\Program Files\IVT Corporation
2009-04-08 01:24:03 ----D---- C:\Program Files\OLVI Soft
2009-04-08 00:04:15 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt
2009-04-08 00:04:00 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt
2009-04-05 15:12:48 ----A---- C:\WINDOWS\system32\devil.dll
2009-04-05 15:12:48 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-04-05 15:12:46 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-04-05 15:12:45 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-04-05 15:12:44 ----D---- C:\Program Files\AviSynth 2.5
2009-04-04 16:42:55 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\WinFF
2009-04-04 16:42:49 ----D---- C:\Program Files\WinFF
2009-04-04 16:26:32 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Any Video Converter
2009-04-04 16:26:19 ----D---- C:\Program Files\Any Video Converter
2009-04-04 09:05:06 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\GRETECH
2009-04-04 09:02:49 ----D---- C:\Program Files\GRETECH
2009-04-03 08:05:08 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Launchy
2009-04-03 08:04:14 ----D---- C:\Program Files\Launchy
2009-04-02 16:18:25 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Windows Live Writer
2009-04-02 09:31:17 ----D---- C:\Program Files\YouTube Downloader
2009-04-02 06:56:24 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\GPSoftware
2009-04-02 06:55:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\GPSoftware
2009-04-02 06:55:40 ----D---- C:\Program Files\GPSoftware
2009-04-02 02:40:52 ----D---- C:\Program Files\MediaCoder
2009-04-01 06:09:49 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-04-01 00:51:14 ----D---- C:\Program Files\UltraExplorer
2009-03-31 22:15:56 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Mp3tag
2009-03-31 22:15:47 ----D---- C:\Program Files\Mp3tag
2009-03-31 05:27:14 ----D---- C:\Program Files\IrfanView
2009-03-31 02:21:35 ----D---- C:\Program Files\TeraCopy
2009-03-30 13:39:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-30 13:36:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-03-30 13:35:55 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-30 13:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-03-30 13:34:39 ----D---- C:\Program Files\Microsoft
2009-03-30 13:33:54 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-28 13:17:34 ----D---- C:\Program Files\Worms 4 Mayhem

======List of files/folders modified in the last 1 months======

2009-04-27 20:30:17 ----D---- C:\WINDOWS\Prefetch
2009-04-27 19:14:16 ----D---- C:\Program Files
2009-04-27 17:15:31 ----D---- C:\WINDOWS\Temp
2009-04-26 19:39:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-26 19:12:23 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\TeraCopy
2009-04-26 17:06:00 ----D---- C:\WINDOWS\system32
2009-04-26 17:06:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-26 10:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-24 06:54:56 ----D---- C:\WINDOWS\system32\drivers
2009-04-24 06:43:14 ----SHD---- C:\WINDOWS\Installer
2009-04-24 06:43:14 ----DC---- C:\Config.Msi
2009-04-22 01:52:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-22 01:47:33 ----RASHC---- C:\boot.ini
2009-04-22 01:47:33 ----AC---- C:\WINDOWS\win.ini
2009-04-22 01:47:33 ----AC---- C:\WINDOWS\system.ini
2009-04-22 01:47:29 ----D---- C:\WINDOWS\pss
2009-04-20 18:47:44 ----SD---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Microsoft
2009-04-19 21:54:21 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Cabos
2009-04-17 03:40:34 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 03:40:34 ----D---- C:\WINDOWS\AppPatch
2009-04-17 02:05:29 ----D---- C:\WINDOWS\Debug
2009-04-17 02:04:55 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 18:38:02 ----D---- C:\Program Files\Google
2009-04-15 15:43:29 ----D---- C:\WINDOWS\security
2009-04-14 20:45:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-04-12 20:32:53 ----RSD---- C:\WINDOWS\Fonts
2009-04-08 07:37:56 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-08 05:55:28 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\SUPERAntiSpyware.com
2009-04-08 05:55:16 ----D---- C:\Program Files\Common Files
2009-04-08 05:55:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-08 02:23:10 ----A---- C:\WINDOWS\Uninstall Manager.INI
2009-04-08 01:38:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-08 01:12:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 01:11:36 ----D---- C:\WINDOWS\system32\ias
2009-04-06 22:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 16:37:07 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\gtk-2.0
2009-04-02 17:20:49 ----D---- C:\WINDOWS\network diagnostic
2009-04-01 05:50:48 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\DAEMON Tools Lite
2009-03-30 14:09:36 ----RSD---- C:\WINDOWS\assembly
2009-03-30 14:06:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-30 13:37:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-30 13:37:49 ----D---- C:\Program Files\Windows Live
2009-03-30 13:36:13 ----D---- C:\WINDOWS\system32\DirectX
2009-03-30 13:34:02 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-03-28 12:38:40 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-06 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-06 51376]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2003-01-01 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2003-01-01 24336]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-06 94032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-09-29 800256]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 awvxp5f4;awvxp5f4; C:\WINDOWS\system32\drivers\awvxp5f4.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-09-29 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2003-01-01 700152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-08 152984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 136120]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-04-27 20:30:39

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 Lite-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced System Optimizer-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chikka Messenger V4-->C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Eraser-->"C:\Program Files\Eraser\unins000.exe"
Free CD Music Converter 10-->"C:\WINDOWS\Free CD Music Converter\uninstall.exe" "/U:C:\Program Files\Free CD Music Converter\irunin.xml"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
GhostSurf 2005-->"C:\Program Files\GhostSurf 2005\unins000.exe"
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GPSoftware Directory Opus-->"C:\Program Files\InstallShield Installation Information\{556DF27F-5B74-11D5-B876-004005E12EF1}\setup.exe" -runfromtemp -l0x0009 -DentalFloss -removeonly
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2-->"D:\AVasquez\My PROGRAM FILES\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
KCeasy 0.19-rc1-->"C:\Program Files\KCeasy\uninstall.exe"
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia PC Suite-->C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
TeraCopy 2.0 beta 4a-->"C:\Program Files\TeraCopy\unins000.exe"
Toddler Keys-->MsiExec.exe /I{7339E7E7-FB6A-46EC-8303-D31E655EF617}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2009-04-18]
O3 - Toolbar: (no name) - {C70E30C7-140A-4166-A2E8-43557E62B41A} - (no file) [2009-04-18]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-04-18]

======Hosts File======


======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090425-0]
FW: COMODO Firewall

======System event log======

Computer Name: ERICA_CARTMAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 7943
Source Name: Tcpip
Time Written: 20090330014515.000000+480
Event Type: warning
User:

Computer Name: ERICA_CARTMAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 7942
Source Name: Tcpip
Time Written: 20090329235552.000000+480
Event Type: warning
User:

Computer Name: ERICA_CARTMAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 7941
Source Name: Tcpip
Time Written: 20090329230106.000000+480
Event Type: warning
User:

Computer Name: ERICA_CARTMAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 7940
Source Name: Tcpip
Time Written: 20090329223123.000000+480
Event Type: warning
User:

Computer Name: ERICA_CARTMAN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 7939
Source Name: Tcpip
Time Written: 20090329211006.000000+480
Event Type: warning
User:

=====Application event log=====

Computer Name: ERICA_CARTMAN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 416
Source Name: .NET Runtime Optimization Service
Time Written: 20090104210619.000000+480
Event Type:
User:

Computer Name: ERICA_CARTMAN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 414
Source Name: .NET Runtime Optimization Service
Time Written: 20090104210617.000000+480
Event Type:
User:

Computer Name: ERICA_CARTMAN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 412
Source Name: .NET Runtime Optimization Service
Time Written: 20090104210615.000000+480
Event Type:
User:

Computer Name: ERICA_CARTMAN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 410
Source Name: .NET Runtime Optimization Service
Time Written: 20090104210612.000000+480
Event Type:
User:

Computer Name: ERICA_CARTMAN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 408
Source Name: .NET Runtime Optimization Service
Time Written: 20090104210609.000000+480
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\WINDOWS\system32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
IHateMalware616

Re: systemapps(like explorer) pop up everytime i press a letter!

Post by Shaba » April 27th, 2009, 9:28 am

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it. (If you are using Vista, right-click it and choose Run As Administrator).
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Rerun rsit and post back a fresh log.txt from rsit.
Shaba

Re: systemapps(like explorer) pop up everytime i press a letter!

Post by IHateMalware616 » April 27th, 2009, 7:42 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by AMincher at 2009-04-28 07:35:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (7%) free of 19 GB
Total RAM: 1279 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:28 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Advanced System Optimizer\SecureDelete.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\AMincher.ERICA_CARTMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
D:\Downloads\RSIT.exe
D:\AVasquez\My PROGRAM FILES\AMincher.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-1b3f5e27851a876f.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9358 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1214440339-725345543-1003.job
C:\WINDOWS\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93935F7F-9C88-42F8-8445-95251D27FABC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2003-01-01 1851128]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Systweak Memory Optimizer"=c:\program files\advanced system optimizer\memtuneup.exe [2007-06-22 119024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
C:\Program Files\COMODO\Firewall\cfp.exe [2003-01-01 1851128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurfDelSatellite]
C:\Program Files\GhostSurf 2005\DeleteSatellite.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2008-08-05 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMincher.ERICA_CARTMAN^Start Menu^Programs^Startup^GhostSurf main window.lnk]
C:\PROGRA~1\GHOSTS~1\GHOSTS~1.EXE [2004-07-11 73845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMincher.ERICA_CARTMAN^Start Menu^Programs^Startup^Scheduler.lnk]
C:\PROGRA~1\GHOSTS~1\SCHEDU~1.EXE [2004-03-09 86133]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"sp_rssrv"=2
"UPS"=3
"iPod Service"=3
"gusvc"=3
"Dnscache"=2
"avast! Mail Scanner"=3
"Apple Mobile Device"=2

C:\Documents and Settings\AMincher.ERICA_CARTMAN\Start Menu\Programs\Startup
GhostSurf proxy.lnk - C:\Program Files\GhostSurf 2005\Proxy.exe
Scheduler.lnk - C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2004-09-29 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2008-10-27 693744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\GhostSurf 2005\Proxy.exe"="C:\Program Files\GhostSurf 2005\Proxy.exe:*:Enabled:GhostSurf proxy"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"D:\DownLoaded\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe"="D:\DownLoaded\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2eb638-b164-11dd-90a1-000d87992fd1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe tracker.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f3e93b-1cf7-11d7-90b0-000d87992fd1}]
shell\AutoRun\command - H:\
shell\explore\command - H:\RECYCLER\INFO.exe
shell\open\command - H:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd927ecc-0341-11de-9138-000d87992fd1}]
shell\AutoRun\command - qxty9be.cmd
shell\open\command - qxty9be.cmd


======List of files/folders created in the last 1 months======

2009-04-28 07:26:22 ----RASHDC---- C:\autorun.inf
2009-04-27 20:29:46 ----DC---- C:\rsit
2009-04-27 19:14:16 ----D---- C:\Program Files\mIRC
2009-04-27 19:14:16 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\mIRC
2009-04-24 11:35:32 ----D---- C:\WINDOWS\Free CD Music Converter
2009-04-24 11:35:32 ----D---- C:\Program Files\Free CD Music Converter
2009-04-24 11:21:40 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\AccurateRip
2009-04-24 11:21:33 ----D---- C:\Program Files\Exact Audio Copy
2009-04-22 10:22:04 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\NCH Software
2009-04-17 02:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 02:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 02:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 02:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 02:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 02:03:26 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 02:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 04:37:03 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 15:47:36 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-04-15 11:48:12 ----D---- C:\Program Files\Toddler Keys
2009-04-14 21:04:38 ----D---- C:\Program Files\Eraser
2009-04-12 20:35:30 ----D---- C:\Program Files\Horizon5
2009-04-12 19:14:11 ----D---- C:\Program Files\Recuva
2009-04-08 10:47:54 ----D---- C:\Program Files\NCH Software
2009-04-08 10:47:45 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\NCH Swift Sound
2009-04-08 07:07:06 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-08 06:27:59 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Free Download Manager
2009-04-08 06:27:54 ----D---- C:\Program Files\Free Download Manager
2009-04-08 05:53:50 ----D---- C:\Program Files\CCleaner
2009-04-08 01:36:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2009-04-08 01:31:54 ----D---- C:\Program Files\IVT Corporation
2009-04-08 01:24:03 ----D---- C:\Program Files\OLVI Soft
2009-04-08 00:04:15 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt
2009-04-08 00:04:00 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt
2009-04-05 15:12:48 ----A---- C:\WINDOWS\system32\devil.dll
2009-04-05 15:12:48 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-04-05 15:12:46 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-04-05 15:12:45 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-04-05 15:12:44 ----D---- C:\Program Files\AviSynth 2.5
2009-04-04 16:42:55 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\WinFF
2009-04-04 16:42:49 ----D---- C:\Program Files\WinFF
2009-04-04 16:26:32 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Any Video Converter
2009-04-04 16:26:19 ----D---- C:\Program Files\Any Video Converter
2009-04-04 09:05:06 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\GRETECH
2009-04-04 09:02:49 ----D---- C:\Program Files\GRETECH
2009-04-03 08:05:08 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Launchy
2009-04-03 08:04:14 ----D---- C:\Program Files\Launchy
2009-04-02 16:18:25 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Windows Live Writer
2009-04-02 09:31:17 ----D---- C:\Program Files\YouTube Downloader
2009-04-02 06:56:24 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\GPSoftware
2009-04-02 06:55:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\GPSoftware
2009-04-02 06:55:40 ----D---- C:\Program Files\GPSoftware
2009-04-02 02:40:52 ----D---- C:\Program Files\MediaCoder
2009-04-01 06:09:49 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-04-01 00:51:14 ----D---- C:\Program Files\UltraExplorer
2009-03-31 22:15:56 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Mp3tag
2009-03-31 22:15:47 ----D---- C:\Program Files\Mp3tag
2009-03-31 05:27:14 ----D---- C:\Program Files\IrfanView
2009-03-31 02:21:35 ----D---- C:\Program Files\TeraCopy
2009-03-30 13:39:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-30 13:36:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-03-30 13:35:55 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-30 13:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-03-30 13:34:39 ----D---- C:\Program Files\Microsoft
2009-03-30 13:33:54 ----D---- C:\Program Files\Windows Live SkyDrive

======List of files/folders modified in the last 1 months======

2009-04-28 07:28:25 ----D---- C:\WINDOWS\Prefetch
2009-04-28 07:28:14 ----D---- C:\WINDOWS\Temp
2009-04-27 23:18:34 ----D---- C:\Program Files
2009-04-26 19:39:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-26 19:12:23 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\TeraCopy
2009-04-26 17:06:00 ----D---- C:\WINDOWS\system32
2009-04-26 17:06:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-26 10:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-24 17:04:52 ----D---- C:\Program Files\Worms 4 Mayhem
2009-04-24 06:54:56 ----D---- C:\WINDOWS\system32\drivers
2009-04-24 06:43:14 ----SHD---- C:\WINDOWS\Installer
2009-04-24 06:43:14 ----DC---- C:\Config.Msi
2009-04-22 01:52:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-22 01:47:33 ----RASHC---- C:\boot.ini
2009-04-22 01:47:33 ----AC---- C:\WINDOWS\win.ini
2009-04-22 01:47:33 ----AC---- C:\WINDOWS\system.ini
2009-04-22 01:47:29 ----D---- C:\WINDOWS\pss
2009-04-20 18:47:44 ----SD---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Microsoft
2009-04-19 21:54:21 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\Cabos
2009-04-17 03:40:34 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 03:40:34 ----D---- C:\WINDOWS\AppPatch
2009-04-17 02:05:29 ----D---- C:\WINDOWS\Debug
2009-04-17 02:04:55 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 18:38:02 ----D---- C:\Program Files\Google
2009-04-15 15:43:29 ----D---- C:\WINDOWS\security
2009-04-14 20:45:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-04-12 20:32:53 ----RSD---- C:\WINDOWS\Fonts
2009-04-08 07:37:56 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-08 05:55:28 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\SUPERAntiSpyware.com
2009-04-08 05:55:16 ----D---- C:\Program Files\Common Files
2009-04-08 05:55:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-08 02:23:10 ----A---- C:\WINDOWS\Uninstall Manager.INI
2009-04-08 01:38:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-08 01:12:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 01:11:36 ----D---- C:\WINDOWS\system32\ias
2009-04-06 22:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 16:37:07 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\gtk-2.0
2009-04-02 17:20:49 ----D---- C:\WINDOWS\network diagnostic
2009-04-01 05:50:48 ----D---- C:\Documents and Settings\AMincher.ERICA_CARTMAN\Application Data\DAEMON Tools Lite
2009-03-30 14:09:36 ----RSD---- C:\WINDOWS\assembly
2009-03-30 14:06:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-30 13:37:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-30 13:37:49 ----D---- C:\Program Files\Windows Live
2009-03-30 13:36:13 ----D---- C:\WINDOWS\system32\DirectX
2009-03-30 13:34:02 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-06 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-06 51376]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2003-01-01 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2003-01-01 24336]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-06 94032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-09-29 800256]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 awvxp5f4;awvxp5f4; C:\WINDOWS\system32\drivers\awvxp5f4.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-09-29 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2003-01-01 700152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-08 152984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 136120]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]

-----------------EOF-----------------
IHateMalware616
Active Member
 
Posts: 9
Joined: April 20th, 2009, 7:11 am

Re: systemapps(like explorer) pop up everytime i press a letter!

Post by Shaba » April 27th, 2009, 11:50 pm

  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2eb638-b164-11dd-90a1-000d87992fd1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f3e93b-1cf7-11d7-90b0-000d87992fd1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd927ecc-0341-11de-9138-000d87992fd1}]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh rsit log and otmoveit3 log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
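
The codebox in the post above deletes the three MountPoints2 keys that the RSIT log lists with shell\...\command values. As an added example (not part of the original post, and not RSIT or OTMoveIt3 code), this Python script parses that log section, rejoins key headers that the paste hard-wrapped, flags keys by heuristics that are assumptions of this example (script hosts or script files, RECYCLER paths, relative command paths), and prints the matching :reg block. The sample is constructed from the log in this thread; the {00000000-...} key is an invented benign entry.

```python
import re

# Constructed sample: the MountPoints2 part of the RSIT log in this thread.
# The first key header is left hard-wrapped as pasted; the last MountPoints2
# key ({00000000-...}) is invented to show an entry that is not flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2eb638-b164-11

dd-90a1-000d87992fd1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe tracker.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f3e93b-1cf7-11d7-90b0-000d87992fd1}]
shell\AutoRun\command - H:\
shell\explore\command - H:\RECYCLER\INFO.exe
shell\open\command - H:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd927ecc-0341-11de-9138-000d87992fd1}]
shell\AutoRun\command - qxty9be.cmd
shell\open\command - qxty9be.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 239496]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command - (.*)$", re.IGNORECASE)
SCRIPT_RE = re.compile(r"\.(vbs|cmd|bat|js)\b|\b(wscript|cscript)(\.exe)?\b", re.IGNORECASE)


def rejoin_wrapped_keys(text):
    """Rejoin '[HKEY_...' headers that a hard wrap split across lines."""
    out, pending = [], None
    for line in text.splitlines():
        s = line.strip()
        if pending is not None:
            if not s:
                continue              # blank line left behind by the wrap
            pending += s              # MountPoints2 keys hold no spaces: join as-is
            if pending.endswith("]"):
                out.append(pending)
                pending = None
        elif s.startswith("[HKEY_") and not s.endswith("]"):
            pending = s
        else:
            out.append(s)
    if pending is not None:
        out.append(pending)
    return out


def parse_mountpoints2(text):
    """Map each MountPoints2 key to its list of (verb, command) pairs."""
    entries, current = {}, None
    for line in rejoin_wrapped_keys(text):
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
        elif line.startswith("[HKEY_"):
            current = None            # a different registry section starts
        elif current:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current].append((cmd.group(1), cmd.group(2).strip()))
    return entries


def reasons_for(command):
    """Heuristic reasons (assumptions of this example) to review a command."""
    reasons = []
    if SCRIPT_RE.search(command):
        reasons.append("script file or script host")
    if "\\recycler\\" in command.lower():
        reasons.append("executable under RECYCLER")
    if not re.match(r"^([A-Za-z]:\\|%)", command):
        reasons.append("relative command path")
    return reasons


def flag_keys(entries):
    """Return {key: [(verb, command, reasons)]} for keys with any flagged command."""
    flagged = {}
    for key, cmds in entries.items():
        hits = [(v, c, reasons_for(c)) for v, c in cmds if reasons_for(c)]
        if hits:
            flagged[key] = hits
    return flagged


def build_reg_block(keys):
    """Format keys as a ':reg' deletion block in the style of the codebox above."""
    return ":reg\n" + "\n\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    print(build_reg_block(flag_keys(parse_mountpoints2(SAMPLE_LOG))))
```
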

Re: systemapps(like explorer) pop up everytime i press a letter!

Post by Shaba » May 3rd, 2009, 2:36 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland